UK universities deny research data was compromised in hacks

Hackers hit universities with hundreds of attacks each year - report

UK universities' cyber defences are letting through hundreds of attacks every year, according to data collected by The Times.

Hackers successfully landed 1,152 attacks on some of the UK's leading universities in the last two years, the publication's Freedom of Information requests found.

The number of successful attacks recorded in 2017 was double the number in 2016, the report added, without providing figures for each year.

Cyber criminals were reportedly targeting research into weapons, military science and energy, but universities did not confirm this when approached by IT Pro.

Advertisement
Advertisement - Article continues below

Carsten Maple, the University of Warwick's director of cyber security research, and chairman of Britain's council of professors and heads of computing, told The Times: "Certainly somebody might attack a university and then provide that information to a nation state.

"Universities drive forward a lot of the research and development in the UK. Intellectual property takes years of know-how and costs a lot. If someone can get that very quickly, that's good for them."

He added that hackers could target universities due to their inadequate cyber defences.

However, University College London said no sensitive information was stolen by hackers.

A UCL spokesman told IT Pro: "We have no evidence of anyone gaining unauthorised access to sensitive data on UCL systems over the period covered by the recent FoI request."

Rather, a university source said ransomware attacks encrypted some of its IT systems, seeking payment to unlock them, without the criminals making off with the data.

Bridget Kenyon, head of information security at UCL, added: "We are experiencing an increasing number of attempted information security breaches. As an organisation, we have robust procedures in place to protect information and have developed significant knowledge and expertise in dealing with these attacks -- as shown in our response to the incident we experienced earlier this year.

"However, the nature of this threat is constantly evolving and it remains a very significant challenge facing IT professionals in all industries."

The cyber attacks affected educational establishments including the University of Oxford, the University of Warwick, UCL, and Oxford Brookes.

The University of Oxford suffered 613 breaches between November 2015 and May 2017 in which attackers accessed users' account details, or managed to access data on university machines or via university services.

Advertisement
Advertisement - Article continues below

But a university spokesperson said the vast majority of these attacks were rectified before the hacker could actually make use of the access, and also denied that any research was breached.

Oxford recorded three DDoS attacks in January, April and May 2016, but a spokesperson said: "Two of these attacks had no impact on university IT services. The third restricted access to email and the network for some users for several hours before it was remedied.

"As with any institution's network, frequent unauthorised attempts are made to access our services. However, we have strong security systems and almost all attacks are repulsed without network users even being aware of them."

Oxford Brookes reportedly had research data compromised following an attack in July.

Seamus Shaw, its CIO, said: "The university, in common with other sectors, has experienced a small number of cyber security incidents in recent years. The university employs and partners with technical experts to help mitigate against such incidents, which have often related to phishing attempts.

"The most important aspect of the work we do is in educating users - particularly in relation to best-practice when clicking on links and maintenance of secure passwords."

Warwick declined to answer the FoI, but a spokesman also denied its research was the target.

"It is no surprise that such universities would be in such a list [of hacking targets], not because of their research data, but simply because they will have a high number of highly connected researchers, teachers and students working on a global basis," he said.

"Accordingly, the university has in place long established and extensive cyber security measures that are reviewed continuously and updated as required."

Paul Cant, EMEA VP for IT services firm BMC Software, said: "Across both the public and private sector, the threat from hackers is constantly on the rise. And, as prime sources of intelligence and information gathering, this data indicates the desperate need for far greater investment to be ploughed into the cyber defences of our educational institutions."

Advertisement
Advertisement - Article continues below

Picture of University of Oxford, credit: Bigstock

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019